Sid Command

Article
12/06/2010

Use Sid to update or list either all or specified registered security identifiers (SIDs).

Required Permissions

To use the Sid command, you must be a member of the Team Foundation Administrators security group on the Team Foundation application-tier computer and a member of the sysadmin security group for SQL Server on the Team Foundation data-tier computer. For more information, see Team Foundation Server Permissions.

Note

Even if you are logged on with administrative credentials, you must open an elevated Command Prompt to perform this function on a server that is running Windows Server 2008. To open an elevated Command Prompt, click Start, right-click Command Prompt, and click Run as Administrator. For more information, see the Microsoft Web site.

TFSAdminUtil Sid [/noprompt | /i] [/Change source target] [account]

Parameters

Argument	Description
source	Used with /Change option to instruct the Sid command to change the SIDs for users currently in the Team Foundation Server integration database that are in the domain or computer in a work group specified by source.
target	Used with /Change option to instruct the Sid command to change the SIDs in the Active Directory of the domain or computer in a work group specified by target.
account	Used with /Change option to instruct the command to update the SIDs for the account specified by account. The account argument must be in username format. For example domain/username.

source

Used with /Change option to instruct the Sid command to change the SIDs for users currently in the Team Foundation Server integration database that are in the domain or computer in a work group specified by source.

target

Used with /Change option to instruct the Sid command to change the SIDs in the Active Directory of the domain or computer in a work group specified by target.

account

Used with /Change option to instruct the command to update the SIDs for the account specified by account.

The account argument must be in username format. For example domain/username.

Option	Description
/Change	Synchronizes the SID in the database for Visual Studio Team System Team Foundation Server with the SID from Windows. If they are different, updates the Team Foundation Server SIDs for all (/All) or a specific user account. If /Change is not specified Sid command defaults to listing the SIDs.

/Change

Synchronizes the SID in the database for Visual Studio Team System Team Foundation Server with the SID from Windows. If they are different, updates the Team Foundation Server SIDs for all (/All) or a specific user account.

If /Change is not specified Sid command defaults to listing the SIDs.

Remarks

Important Note:
We recommend that you back up the databases in the Team Foundation Server data tier server.

Team Foundation Server uses SIDs for identifying users and associating them to permissions. Team Foundation version control stores the users’ information in the identity table where the user's SID is registered as the authenticationKey.

The TFSAdminUtil Sid command is used by an administrator to update user accounts to respond to renaming users, or reinstalling Team Foundation onto a different computer. For example, if the administrator wants to move the Team Foundation installation to a new computer, the administrator must follow these steps:

Restore the data backups and create the application tier.
Use the TFSAdminUtil Sid command to list all of the accounts.
Use the list generated in step two (2) to create all the user accounts.
Run TFSAdminUtil Sid /Change source target command to update the SIDs of the user accounts in the Team Foundation Server.

This results in the user accounts retaining all of their previous permissions and ownerships.

Note

After you use the Sid command, you can expect unpredictable behavior until Team Foundation Server synchronizes with Active Directory. It is recommended that the migrated users do not use the system for at least an hour after the Sid command has been run.

Example

The following example instructs the Sid command of the TFSAdminUtil utility to list three columns of information: Account Name, Found, and Equal to Windows SID. The entries in Found and Equal to Windows SID contain True, if the SIDs are found and match.

>TFSAdminUtil.exe Sid

The following example illustrates how you can use the Sid command to update all user accounts in Team Foundation Server as part of moving your deployment from a workgroup to a domain. The Change option will reconfigure all accounts that existed in the previous workgroup that you specify (OldComputerName) to use SIDs for the new domain that you specify (NewDomain).

Note

When you change a deployment of Team Foundation Server from a workgroup to a domain, you must perform other tasks in addition to updating user accounts. For more information, see How to: Move Your Deployment of Team Foundation Server from One Environment to Another.

>TFSAdminUtil.exe Sid /Change OldComputerName NewDomain

Change History

Date	History	Reason
June 2010	Added code example for the /change option of the Sid command.	Customer feedback.

Sid Command

Parameters

Remarks

Example

See Also

Other Resources

Change History

Additional resources